This is a Perl-coded script designed to backup eDirectory on Linux or Solaris. eDirectory 8.7.x and 8.8 along with NICI 2.6.x and 2.7 currently work and are tested on Linux and Solaris. To run the script save it to a box with eDirectory on it and make the script executable. The script will automatically run with Perl when it is run directly. Perl comes, by default, on all Unix and Linux distributions. The script will run anywhere Perl is though it is not made to do anything properly on other platforms.

Update: 2012 Mar 22 – Fixes a couple of potential issues that have come up over the past couple years.

Update: 2007 Mar 03 – Now backs up vardir instead of dibdir only. For 8.8 it also backs up dibdir if it is not contained in vardir for large distributed-filesystem environments.

The script has a few options that can be passed in for scriptability without prompts. The info from -h follows:


./ -h #Show help information. This info here.
./ -p /tmp/backup/path/goes/here
./ -c /etc/nds/conf/file/nds.conf[,/etc/other/conf/file/nds.conf]
./ -d /etc/opt/novell/eDirectory/conf/.edir/
./ -s #Force through the reminders that are defaults.

The -p option lets you specify where to put the destination TAR (Tape ARchive) files. This defaults to /root for security reasons. On Solaris you will want to create and secure this directory if it does not exist by default.

The -c option specifies a configuration (nds.conf) file specifically. This is useful for eDirectory 8.8 where multiple instances exist and need to be backed up in a scripted fashion (weekly backups of the entire DIB, for example).

The -d option specifies the directory where multiple configuration files exist. By default this is the /etc/opt/novell/eDirectory/conf/.edir/ directory. Having this configurable allows the script to be used for non-root installations of eDirectory. Non-root installations are installed all to one location, like a user’s home directory.

The -s option skips through the first prompt telling the user that the DS instance that is backed up will be shutdown for the backup to be properly taken. Use this whenever the script is called from other scripts where interactivity is not an option. It can also be used to prevent one more check that may be annoying.

To run this script with eDirectory 8.8 be sure you have run the ndspath command. Without this the script will fail because it cannot find ndsmanage. This goes for eDirectory installed as root or non-root. As long as ndsmanage can be called without the absolute path the script will work.

The script has many lines of comments at the beginning regarding the scripts operation. Read these before using the script. Also you should try this out on your own and understand how things work before making this backup your DS nightly. Failing to do so could leave your DS stopped when it should have been restarted. The script performs no checks for adequate space and each backup is made to a new file so running this regularly will, eventually, fill your hard drive.

At the end of each run of the script a return value is sent back to the prompt for interpretation. A 0 means there were no fatal errors, a 1 means there was a fatal error. As other commands are made by the script the return values of those calls is included in the log which is output to the screen (via STDERR). That can be redirected to /dev/null (./ -s 2>/dev/null) or it can be saved to a file for further analysis and interpretation (mail it to yourself, for example). The logging is fairly extensive and very helpful for troubleshooting.

The ability to backup other *nix’s may come as I am able to find and test them (AIX is probably next). Comments/critiques/questions appreciated. The source is highly-commented and that is for the good of us all.

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply


  • aburgemeister says:

    A customer noted that extracting the ndsrc-generated archive threw a nastygram when they used tar to extract as shown below:

    # tar -xvf test-12\:34\:56.tar
    test-12: Unknown host
    tar: test-12\:34\:56.tar: Cannot open: Input/output error
    tar: Error is not recoverable: exiting now
    2011-09-12 09:59:00 Jobs:0 Err:2

    The tar command has become smart over time and now appears to know how to chat on the network; as a result if it does not know you are explicitly pointing to a file and it sees a colon (:) in the file name it tries to find something on the network. The default filename created by includes colons to show the time of the backup taken for both eDir and NICI and so if you try to use tar as shown above to extract the archive it will fail (for versions of tar that understand colons may be delimiters for hosts). The workaround for this is to just add a dot-slash before the file:

    # tar -xvf ./test-12\:34\:56.tar

    This tells ‘tar’ that this is a file where you are…. an absolute path should work as well of course… and therefore tar doesn’t try to do anything network-related.

  • gordon_mzano says:

    Just curious…Why would one use ndsrc when there is dsbk (TID 3295479)?

    #! /bin/sh
    # Clean up old backups…
    find /root/backup-edir/cron -type f -ctime +15 -exec rm {} \;
    dsbk backup -b -f $BACKUPFOLDER/edirbak-`date +%Y-%m-%d`.bak -l $BACKUPFOLDER/edirbk-`date +%Y-%m-%d`.log -t -w

    # Email admin edir backup reports
    # Allow enough time for the edir backup to finish processing.
    echo “” >> /root/backup-edir/cron/edirbak-`date +%Y-%m-%d`.log
    ls -lh /root/backup-edir/cron >> /root/backup-edir/cron/edirbak-`date +%Y-%m-%d`.log
    mail -s NDS BACKUP REPORT -a /root/backup-edir/cron/edirbak-`date +%Y-%m-%d`.log </dev/null

    • ab says:

      Good question. I’d definitely recommend using dsbk for anything requiring support, and for any situation where it is likely that you’ll actually be bringing a single server back into a tree with many other replicas-holders. The reason is that dsbk is the ONLY way to properly do this, assuming you do it properly (which is a big assumption), and properly merge in a server such that its copy of data is consistent with all other servers in the tree. If, for example, you do not handle your Roll-Forward Log (RFL) files correctly, restoring with dsbk may not work fully. Back when dsbk was just embox this also required Role Based Services (RBS) to be properly setup in iManager, which was quite painful. There were also bugs with dsbk for a long time which, while not complaining about problems, failed to backup NICI, so restores without NICI were missing things that were encrypted with NICI. It’s all fixed now, but is older than those kinds of issues.

      The script is meant to just grab the DIB and NICI with as few assumptions as possible; the one notable exception to that assumptions rule is: “You know how to restore it and the risks in doing so if there are other servers in the to-be-restored tree.” No need for RFL configuration, having any kind of access to any working eDirectory commands, or much of anything. Just grab the DIB, exactly as it is, maintaining directory structures everywhere, so have a perfect DIB backup for whenever you need it. i.e. be very much like ‘dsrepair -rc’ on NetWare.

By: ab
Mar 22, 2012
10:15 am